Trio of operating systems based on BSD is even more reliable
and secure

By Simson L. Garfinkel, 09/16/99

The Linux operating system has gotten a tremendous amount of
publicity in recent months. Millions of computers are running
Linux; it is playing an increasingly important role in business;
and people are beginning to think Linux might be a credible threat
to the dominance of Microsoft.

But I'm not rejoicing for the ascendancy of Linux or its penguin
mascot. I have my two feet firmly planted in another camp. No, I'm
not rooting for Bill Gates and the Redmond home team. Instead,
I've thrown my lot in with a trio of operating systems that all
end with the initials BSD.

At my home, I run an operating system called NetBSD on the
computer that's connected to my MediaOne cable modem. This NetBSD
machine is my file server and my print server. It also runs a
system called NAT (network address translation) that lets me
access the Internet from the other computers on my home network. I
installed NetBSD on the computer a little more than a year ago,
and it has been working well for me ever since.

It's important to understand that everything I do with NetBSD I
could do just as easily with Linux. That's because there are far
more similarities between the two systems than differences. Both
are based on the Unix operating system, developed at Bell Labs in
the 1970s, and both can be freely redistributed. The big
difference is portability. While Linux can only run on a few kinds
of computers, NetBSD can run on more than 22, including
Intel-compatible PCs, Amigas, old 68000-based Macs, Digital VAXes,
and even those sleek but defunct NeXT workstations. This has made
the system popular at places like MIT and NASA, both of which have
large menageries of computer systems from a multitude of vendors.

Earlier this year there were a number of well-publicized security
problems involving the Linux operating system. During that time my
computer was frequently attacked. However, since I wasn't running
Linux, I wasn't vulnerable. Linux is the favored operating system
for most of the attackers on the Internet, which is another reason
I don't use it.

Last month I set up a high-performance database server. This
machine runs FreeBSD, a different version of the BSD operating
system. FreeBSD has gained notoriety in recent weeks because it
powers Yahoo and Hotmail. The operating system also has a
reputation for never crashing - while offering high performance
and leading-edge features. I chose FreeBSD for the database server
because FreeBSD has exceptionally good support for multiple
execution threads within a single process, allowing the database
server to be more responsive when more than one person is using it
at the same time.

OpenBSD is the ultra-secure version of BSD developed by
programmers in Canada. Although all the BSD systems are reasonably
secure, the dozen people who created OpenBSD spent more than four
years doing a line-by-line audit of it, fixing security pitfalls
other Unix vendors haven't even conceived.

Because the OpenBSD team is based in Canada, it isn't hobbled by
the antiquarian export control laws that stifle much of the US
software industry. As a result, OpenBSD comes with military-grade
cryptography deeply integrated into the core system. OpenBSD also
comes with IPsec, the cryptographic extensions to the Internet's
TCP/IP protocol that let systems automatically encrypt information
before it is sent over the wire. This is the same software other
companies sell for thousands of dollars. It's free with
OpenBSD. (NetBSD should have a full implementation of IPsec by the
end of the year; a version of IPsec is also available for Linux,
but it isn't built-in.) All of these combine to make the operating
system a good choice for firewalls and the paranoid.

The three BSD operating systems are all descended from the BSD
version of Unix developed at the University of California at
Berkeley during the 1980s ("BSD" stands for Berkeley Standard
Distribution). They're also the descendants of Project GNU,
started by Richard Stallman at the Massachusetts Institute of
Technology. There's a lot of infighting among the groups
developing these three systems, but there's also a lot of
cooperation, since all are distributed in source code. All can run
most programs that are written for Linux, and frequently they can
run the programs faster than Linux itself.

If I had to pick out the single difference between the BSD
community as a whole and the proponents of Linux, I would say it
is something called "correctness." The BSD developers are more
concerned that the underlying technology in their operating
systems be implemented in a manner consistent with the overall
design of the systems. Linux developers, overall, are more
interested in just putting together something that works.

Another big difference is commercialism. Where the BSD projects
are largely the work of individuals, businesses are now the
driving force in the Linux community. This may be one reason
proponents of Linux are frequently slow to admit the debt they owe
to the Computer Science Research Group at Berkeley, which created
BSD, and to the Free Software Foundation at MIT, the charitable
organization that raised money for Project GNU. Although Linus
Torvalds frequently gets the credit for creating Linux, he only
wrote the system's kernel. The rest he cobbled together from other
sources, largely BSD and GNU.

Kirk McKusick wrote an excellent history of BSD in his essay
"Twenty Years of Berkeley Unix." You can find it in the book
"Open Sources," published by O'Reilly & Associates. It is also
on line, along with the rest of the book, at
www.oreilly.com/catalog/opensources/book/kirkmck.html.

Although Linux is a fine operating system, I would encourage
businesses as well as advanced enthusiasts to take a serious look
at the other choices.